CVE-2019-25285
Unknown Unknown - Not Provided
Unquoted Service Path in Alps ApHidMonitorService Enables Privilege Escalation

Publication date: 2026-02-05

Last updated on: 2026-02-05

Assigner: VulnCheck

Description
Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path and gain system-level access when the service restarts or the system reboots.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-05
Last Modified
2026-02-05
Generated
2026-06-16
AI Q&A
2026-02-05
EPSS Evaluated
2026-06-14
NVD
CVE-2019-25285
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
alps pointing-device_controller to 8.1202.1711.04 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "The Alps Pointing-device Controller version 8.1202.1711.04 contains an unquoted service path vulnerability in the 'ApHidMonitorService'. Because the service path is unquoted and contains spaces, a local attacker with limited privileges can place a malicious executable in a part of the service path. When the service restarts or the system reboots, the system may execute this malicious executable with elevated system-level privileges, allowing the attacker to run code as the LocalSystem account."}] [1, 3]

Impact Analysis

This vulnerability allows local attackers to escalate their privileges from limited user rights to system-level access. By placing a malicious executable in the unquoted service path, an attacker can execute arbitrary code with elevated privileges when the service restarts or the system reboots. This can lead to full system compromise, including unauthorized access to sensitive data, modification or deletion of files, and disruption of system availability.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking for unquoted service paths in the ApHidMonitorService on affected systems.'}, {'type': 'paragraph', 'content': 'You can use Windows Management Instrumentation Command-line (WMIC) and Service Control (SC) commands to discover the unquoted service path.'}, {'type': 'list_item', 'content': 'Use the command: wmic service where "name=\'ApHidMonitorService\'" get PathName'}, {'type': 'list_item', 'content': 'Use the command: sc qc ApHidMonitorService'}, {'type': 'paragraph', 'content': 'If the service path returned contains spaces and is not enclosed in quotes, the system is vulnerable.'}] [1, 3]

Mitigation Strategies

To mitigate this vulnerability, immediately ensure that the service path for ApHidMonitorService is properly quoted to prevent execution of malicious executables.

You should also restrict local user permissions to prevent placing executables in the vulnerable path segments.

Additionally, consider restarting the service or the system after applying fixes to clear any malicious executables that might have been placed.

If possible, update or patch the Alps Pointing-device Controller software to a version that addresses this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25285. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart